c166c04f3c7465a12c783f3ccb18d9f0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c166c04f3c7465a12c783f3ccb18d9f0
Size

318KB
MD5

c166c04f3c7465a12c783f3ccb18d9f0
SHA1

847f15befc9f7d8d11d458750a0b5bf9203cb7bd
SHA256

7c07d3244034c0c88c89c83f101aaeda21735771bd1f6a0bcd8aa2d691d98750
SHA512

2a7a7a2e005d062d1288f9f9a77f502dff1237231f67b1b5210e461e9bc3fead86d22200893dcf391d343d4fb7f63866dbc9dfe55dd1cab66c0e315b80ab5116
SSDEEP

3072:FUOE+sCaD7HYxlt39LOSmChBobbA4kK7Jrhp+8u7IsPDNSjhNR5xX:jsCaDMrCo2kKjZ25Un35

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c166c04f3c7465a12c783f3ccb18d9f0

Files

c166c04f3c7465a12c783f3ccb18d9f0
.sys windows:5 windows x86 arch:x86

91b30a38926952dc57d7239e0a65c905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\项目开发\ddk\ange\bin\i386\aNgE.pdb

Imports

ntoskrnl.exe

KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateDevice
KeTickCount
RtlEqualUnicodeString
IoCreateSymbolicLink
IofCompleteRequest

hal

KfLowerIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 896B - Virtual size: 774B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 128B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ